#VU72031 Buffer overflow in Google Android
Vulnerability identifier: #VU72031
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Google Android
Operating systems & Components /
Operating system
Vendor: Google
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Android kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Google Android: 13 - 13 2023-02-01, 12L - 12L 2023-02-01, 12 - 12 2023-02-01, 11 - 11 2023-02-01, 10 - 10 2023-02-01
External links
http://source.android.com/docs/security/bulletin/2023-02-01#2023-02-05-security-patch-level-vulnerability-details
http://android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689
http://android.googlesource.com/kernel/common/+/5844c8e7aaa946341f0d30441adc8f2cd97efbfc
http://android.googlesource.com/kernel/common/+/4ea18cd059a4986a6a6f94a7f6d019b750bece65
http://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e
http://android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c
http://android.googlesource.com/kernel/common/+/a1f65b39ba08a0f24bde9f07921ff48277761132
http://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
